How to fetch Amazon Cognito Identity ID (user_identity_id) for the user from the lambda function?

In the Amplify documentation, under the Storage/File access levels section there is a paragraph that states:

Files are stored under private/{user_identity_id}/ where the user_identity_id corresponds to the unique Amazon Cognito Identity ID for that user.

How to fetch user_identity_id from the lambda function?

Request to the lambda is authorized, the event.requestContext.authorizer.claims object is available, I can see the user data, but not the user_identity_id.

EDIT: Now I see that there is a field event.requestContext.identity.cognitoIdentityId, but the value is null. Still need to find the way to fetch it.

Solution 1:

If the user accesses the lambda through graphql via the AppSync service then the identity is stored event.identity.owner

Here is some typescript code I use to pull the user_identity_id from the event. However, the user doesn't always call the lambda direct sp the user_identity can also be based in if from an authorized IAM role.

export function ownerFromEvent(event: any = {}): string {
  if (
    event.identity.userArn &&
    event.identity.userArn.split(":")[5].startsWith("assumed-role")
  ) {
    // This is a request from a function over IAM.
    return event.arguments.input.asData.owner;
  } else {
    return event.identity.owner;
  }
}